New Directions in Lightweight Cryptography
HGI » UbiCrypt » Projects

New Di­rec­tions in Light­weight Cryp­to­gra­phy

1st ad­vi­sor: Kiltz, 2nd ad­vi­sor: Wolf, 3rd ad­vi­sor: Paar

De­scrip­ti­ons: Em­bed­ded plat­forms often have very ri­go­rous cons­traints in terms of com­pu­ta­tio­nal com­ple­xi­ty and gate size. Even though some em­bed­ded ap­p­li­ca­ti­ons can run full-si­ze pu­blic-key al­go­rith­ms such as el­lip­tic cur­ves, in some re­al-li­fe sce­na­ri­os, e.g., RFID tags or other pas­si­ve­ly-power­ed de­vices, even AES or hash ope­ra­ti­ons can be pro­hi­bi­ti­ve. This pro­jects aims at de­si­gning most­ly sym­me­tric cryp­to­gra­phic so­lu­ti­ons (such as au­then­ti­ca­ti­on pro­to­cols and stream-ciph­ers) that can be shown to be as se­cu­re as a well-de­fined com­pu­ta­tio­nal pro­blem and have a very low com­pu­ta­tio­nal com­ple­xi­ty/ gate size. Given the cons­traints in prac­tice this poses major theo­re­ti­cal re­se­arch chal­len­ges.

Sur­pri­sin­gly, the tools ne­cessa­ry for de­si­gning such pro­to­cols can be found in al­ter­na­ti­ve, or post-quan­tum, cryp­to­gra­phic sche­mes, e.g., from lat­ti­ces and co­ding theo­ry. A star­ting point for this re­se­arch will be the Hop­per-Blum (HB) sym­me­tric au­then­ti­ca­ti­on sche­me. Pro­to­cols from the HB fa­mi­ly are ex­tre­me­ly ef­fi­ci­ent (their com­pu­ta­ti­on only con­sists of a ma­trix-vec­tor mul­ti­pli­ca­ti­on over GF2), yet their se­cu­ri­ty is prov­a­b­ly equi­va­lent to well-stu­died hard­ness as­sump­ti­ons from co­ding theo­ry and lat­ti­ces. Ob­tai­ning a pro­to­col with hard­ware per­for­mance and code size com­pa­ra­ble to (or even bet­ter than) high-speed block ciph­ers such as AES, howe­ver, still poses a num­ber of chal­len­ges of theo­re­ti­cal and prac­tical na­tu­re.

This PhD pro­ject has a large theo­re­ti­cal part in which it looks at new prov­a­b­ly se­cu­re sym­me­tric pro­to­cols that are very ef­fi­ci­ent and may even be sui­ta­ble for prac­tical ap­p­li­ca­ti­ons.


Prof. Eike Kiltz

Prof. Eike Kiltz